US10419434B2 - Method and device for improving the protection of a multimedia signal against a malicious attack - Google Patents
Method and device for improving the protection of a multimedia signal against a malicious attack Download PDFInfo
- Publication number
- US10419434B2 US10419434B2 US15/358,854 US201615358854A US10419434B2 US 10419434 B2 US10419434 B2 US 10419434B2 US 201615358854 A US201615358854 A US 201615358854A US 10419434 B2 US10419434 B2 US 10419434B2
- Authority
- US
- United States
- Prior art keywords
- protection
- multimedia signal
- multimedia
- command
- interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Links
- 230000004224 protection Effects 0.000 title claims abstract description 236
- 238000000034 method Methods 0.000 title claims abstract description 22
- 238000012545 processing Methods 0.000 claims description 29
- 230000009471 action Effects 0.000 claims description 18
- 238000012795 verification Methods 0.000 claims description 4
- 238000004590 computer program Methods 0.000 claims description 2
- 238000013475 authorization Methods 0.000 abstract description 21
- 230000008569 process Effects 0.000 abstract description 5
- 238000007726 management method Methods 0.000 description 26
- 230000001960 triggered effect Effects 0.000 description 7
- 230000008901 benefit Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004913 activation Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000005012 migration Effects 0.000 description 1
- 238000013508 migration Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4627—Rights management associated to the content
Definitions
- Various embodiments of the invention and their implementation relate to the protection of digital systems and signals against malicious attacks, for example in the context of the management of digital rights and of conditional access systems.
- On-demand on-line services are increasingly common and present on multiple platforms, such as personal computers, decoders for television connected to the Internet, mobile telephones or tablets.
- a Conditional Access System (or CAS) is generally set up in the framework of the broadcasting of a video and audio content, or multimedia content.
- the multimedia content is encrypted by servers by virtue of a symmetrical key and the content broadcast is only accessible to the clients possessing the key.
- DRM digital rights management
- a client sends to a server an identification key specific to the client. If this client is authorized to access the content, the server encodes a content key by virtue of the identification key and transmits the encoded content key to the authorized client who is the only one able to decode it. The encrypted multimedia content is subsequently transmitted to the client who can decrypt it thanks to the decoded content key.
- encryption-decryption means generally formed by autonomous and secure hardware circuit blocks.
- the encryption-decryption means are controlled and managed by a digital rights management means DRM and a conditional access means CAS, henceforth referred to as management means.
- DRM digital rights management means
- CAS conditional access means
- the management means may be implemented in a secure area known as a “Trusted Execution Environment” (or TEE) of a processing system of the electronic support, which is generally the main processor.
- TEE Trusted Execution Environment
- the TEE notably allows secure software programs, referred to as trusted applications, to be executed in a secure manner disposing of an average allocated processing capacity and secure memory.
- the processing systems generally comprise a hardware-secured element (or SE for “Secure Element”) having little processing capacity but an excellent security.
- SE hardware-secured element
- the processing systems comprise an area allocated to an operating system (or REE for “Rich Execution Environment”) disposing of significant resources but which are not very secure and therefore very exposed to external attacks.
- multimedia output interface protections have been developed and are required notably depending on the services of the multimedia content providers.
- a version of the protection HDCP may be required on a digital video and audio output interface of the HDMI or DVI type.
- the application of the multimedia output interface protection required and the delivery of a multimedia signal on a multimedia output interface are generally controlled by respective drivers using the REE.
- protection means The means for implementing the multimedia output interface protection, referred to as protection means, and the delivery means, referred to as multimedia output interface, are generally formed by autonomous and secure hardware circuit blocks.
- SoC systems-on-a-chip
- a method for protection of at least one incoming multimedia signal in a multimedia system comprising a controllable enabling or disabling of an application of at least one interface protection to at least one outgoing signal coming from the at least one incoming signal and delivered by at least one multimedia output interface of the system.
- control of the enabling or of the disabling of the interface protection application is authorized or otherwise depending on security rules.
- the security rules represent and prescribe the protection potentially required for the signal during its processing on a targeted multimedia output interface, it being understood that other incoming signals may respectively require specific interface protections, which may be included within the same security rules, for other potential multimedia output interfaces of the system.
- control of the application of an interface protection is authorized if this application to the outgoing signal offers a degree of protection at least equal to a degree of protection defined in the security rules.
- the incoming multimedia signal may require a specific interface protection, in which case the security rules comprise the specific interface protection required by the signal for the multimedia output interface.
- the security rules can prescribe, or indicate, the minimum degree of protection required for each of the incoming signals into the multimedia system on each of the multimedia output interfaces of the system.
- a potential command for enabling an application of an interface protection for the outgoing signal is always authorized.
- a command for disabling an application of an interface protection previously enabled for the outgoing signal is authorized only if the outgoing signal has been delivered in its entirety on a multimedia output interface.
- the outgoing signal may be processed by packets of data, the security rules being updated when each packet has been delivered by the output interface, in accordance with the specific protection required by each packet delivered.
- the incoming multimedia signal may require a specific interface protection, in which case a protection action is applied to the outgoing signal if the outgoing signal delivered by the multimedia output interface of the system does not have an interface protection with a degree of protection at least equal to the degree of protection of the specific interface protection.
- the outgoing signal comprises a multimedia data stream coming from a decryption of an incoming stream of encrypted data of the incoming signal.
- the protection action comprises the non-triggering of the decryption.
- the decryption may be carried out prior to the controllable enabling or disabling of an application of an interface protection, in which case the protection action comprises the interruption of the decryption.
- a computer program product may be directly loaded into a memory of a data processing system, comprising portions of code of software for the execution of the method of protection defined hereinbefore when the program is executed on the data processing system.
- a protection device for at least one incoming multimedia signal, comprising at least one protection means controllable by a respective control means and configured for enabling or disabling an application of an interface protection to at least one outgoing signal coming from the at least one incoming signal and at least one output interface configured for delivering the at least one outgoing signal on at least one output.
- the device comprises, according to a general feature of this aspect, an authorization means configured for authorizing or otherwise the control of the enabling or of the disabling of the interface protection application depending on the security rules.
- the authorization means is configured for authorizing a command for the enabling or for the disabling of an application of an interface protection if this application to the outgoing signal offers a degree of protection at least equal to a degree of protection defined in the security rules.
- the incoming signal requires a specific interface protection
- a management means is configured so that the security rules comprise the specific interface protection required by the signal for the multimedia output interface, it being understood that other incoming multimedia signals may require respective specific interface protections, which may be included within the same security rules, for other potential multimedia output interfaces of the system.
- the authorization means may notably be configured for, in the case where the security rules do not prescribe any protection for the incoming signal, always authorizing a potential command for enabling an interface protection application for the outgoing signal.
- the authorization means is configured for authorizing a command for disabling an application of an interface protection previously enabled if the outgoing signal has been delivered in its entirety on a multimedia output interface.
- the protection device is configured for processing the incoming signal by packets of data
- the management means is configured for updating the security rules when each packet has been delivered by the output interface, in accordance with the specific protection required by each packet delivered.
- the incoming signal may require a specific interface protection, in which case the management means is advantageously configured for applying a protection action to the outgoing signal if the outgoing signal delivered by the multimedia output interface of the system does not have an interface protection with a degree of protection at least equal to the degree of protection of the specific interface protection.
- the outgoing signal comprises a multimedia data stream coming from a decryption, triggered by the management means and implemented by a decryption means, of an incoming stream of encrypted data of the incoming signal.
- the management means may be configured for applying the protection action while not triggering the decryption.
- the management means may be configured for triggering the decryption prior to the controllable enabling or disabling of an application of an interface protection, and for applying the protection action by interrupting the decryption.
- the management means may be configured for reading the state of the multimedia output interface protection for example in a status register for the protection means.
- the authorization means is advantageously incorporated into at least one secure area of at least one processor.
- a multimedia reader system is provided that is capable of reading a multimedia data stream, comprising a protection device such as defined hereinbefore.
- such a system may be formed or be included within a television decoder, a personal computer, a mobile telephone or a touchscreen tablet.
- the embodiments and their implementation defined hereinabove provide simple solutions for improving the protection of digital works, in a system within which the interface protection controllers are, in the main, implemented within an unprotected area of a processing system.
- FIG. 1 shows a functional diagram of one embodiment of a method for protection of a signal against a malicious attack
- FIG. 2 shows, more precisely, one embodiment of a protection device for a signal.
- FIG. 1 shows a functional diagram of one embodiment of a method for protection of a signal against a malicious attack.
- An incoming stream signal of encrypted multimedia data 10 is received by a client 12 , which may for example be an on-demand video program from a television decoder connected to the Internet, and is designed to be decrypted 22 and delivered on a multimedia output interface 30 .
- the incoming stream 10 requires the application of a specific multimedia output interface protection, in other words the data of the incoming stream 10 indicate to the client 12 which interface protection should be applied for the delivery of this data stream, after decryption 22 .
- Such a request, or indication generally originates from the multimedia content provider depending on the multimedia content.
- controllers 14 implemented within an REE unsecure area of a processor are capable as such of controlling and configuring a means allowing an output interface protection to be applied to the stream to be delivered at the output 30 .
- a verification 18 is advantageously carried out of the conformity of the command from the controller 14 with security rules 16 .
- the security rules 16 represent and prescribe the protection required for the stream being processed, referred to as current stream, on a targeted output interface.
- the command conforms to the security rules 16 , then the command is authorized 18 .
- the command is transmitted.
- control of the enabling or of the disabling of an application of an interface protection thus transmitted can then configure the means allowing an interface protection 26 to be applied.
- the command 14 is for enabling an application of an output interface protection, for example in the case where the security rules do not prescribe any protection for the incoming signal, then the command 14 is always authorized 18 .
- the command 14 is for disabling, whereas the security rules prescribe an active protection, then the command is only authorized in the case where the signal has been delivered in its entirety on a targeted output interface.
- an interface protection enabled for a given signal can only be disabled after the processing of the signal has finished.
- the command 14 is for disabling and if the security rules 16 do not prescribe any protection on the targeted output interface, then the command is authorized; this is notably the case for incoming data not requiring any protection.
- the interface protection 26 is compared 24 with the interface protection required by the incoming stream of encrypted data 10 .
- the decryption 22 is not triggered, or else, in a second case, interrupted in the case where the decryption 22 is implemented prior to the command 14 of the output interface protection.
- the first case corresponds to a DRM context in which the interface protection required is known prior to decryption, for example for a continuous download stream.
- the second case corresponds to a CAS context in which the interface protection required is not known prior to decryption of the incoming stream of data, for example for a broadcast of a pay multimedia content.
- the decryption 22 is triggered and the outgoing stream of decrypted multimedia data may be transmitted over an output interface. Furthermore, the security rules are updated for the processing of this signal 10 .
- FIG. 2 shows, more precisely, one embodiment of a protection device for a signal, in particular for a multimedia reader system 500 .
- the multimedia reader system is capable of reading a multimedia data stream, for example in the framework of an on-demand video service or of pay television.
- this type of system 500 may be an electronic system-on-a-chip forming or being included within a television decoder, a personal computer, a mobile telephone, a tablet or any other system capable of reading a multimedia content.
- the system 500 comprises a processing element, such as a microprocessor for example, comprising an area allocated to the operating system (REE) 100 , generally not very secure by nature, together with a secure area (TEE) 200 .
- a processing element such as a microprocessor for example, comprising an area allocated to the operating system (REE) 100 , generally not very secure by nature, together with a secure area (TEE) 200 .
- REE operating system
- TEE secure area
- a client 110 for example a video-on-demand program from a television decoder connected to the Internet, is notably able to manage interface protection controllers (IPC), there being three of them 101 , 102 , 103 , in the example shown here.
- IPC interface protection controllers
- the interface protection controllers 101 - 103 form a control means for respective interface protection means (IPM) 311 - 313 , configured for applying an interface protection to an outgoing signal 401 - 403 delivered on respective multimedia interfaces (MI) 301 , 302 , 303 .
- the system 500 comprises a decryption (DECR) means 250 configured for decrypting an incoming encrypted signal 10 and controlled by a management means 231 .
- DECR decryption
- the decryption means 250 together with the interfaces 301 - 303 and their respective protection means 311 - 313 , are generally formed by independent and secure hardware blocks.
- the multimedia interfaces 301 - 303 may for example be an HDMI output, a DVI output, a wireless port of the WiFi type, or an analog audio-video output, and may of course be more numerous, or less numerous, depending on the capacities and on the technology of the multimedia reader system 500 .
- the means for managing the digital rights and conditional access DRM/CAS (management means) 231 , together with an authorization (AUT) means 221 , are furthermore incorporated into the TEE 200 .
- the authorization means 221 and the management means 231 may be incorporated into separate TEE units, respectively referenced 220 and 230 , in which case they share a secure memory (M) 225 in order to be able to communicate with one another.
- the TEE 220 may be a secure area of a graphics processor or of screen display and the TEE 230 may be a secure area of the main processor.
- the shared and secure memory 225 may be formed by an autonomous hardware block or by a region of secure memory allocated to this function.
- the trusted drivers 201 - 203 may be incorporated into a TEE 210 separate from the TEE(s) 220 , 230 incorporating the management means 231 and the authorization means 221 .
- a secure memory (M) 215 allows the trusted drivers 201 - 203 to communicate with the authorization means 221 for example for receiving the authorizations for sending commands to the protection means.
- the client 110 of the REE receives an incoming stream 10 of encrypted multimedia data requiring a specific interface protection and triggers a procedure for delivery of the multimedia data.
- the management means 231 verifies whether the client 110 is authorized to access the multimedia content. If the client is authorized, the management means 231 triggers the decryption of the data received 10 by the decryption means 250 , the decrypted data 401 - 403 being subsequently transmitted over a multimedia output interface 301 - 303 .
- the protection controller negotiates a session key with a connected device (generally a display of the television type) during an authentication and key exchange step.
- the protection controller subsequently transmits the session key via protection means and controls the activation of an encryption of the outgoing multimedia stream delivered by a multimedia output interface.
- the encryption is for example notably carried out by means of a secret key and of an exclusive OR (or XOR) gate between the multimedia data stream and the session key, generally forming an encryption of the AES (Advanced Encryption Standard) type.
- AES Advanced Encryption Standard
- the management means 231 , the authorization means 221 and the trusted drivers 201 - 203 operate in collaboration in order to provide an improvement in the various multimedia interface protections, and allow such an attack to be countered.
- the authorization means contain security rules (SR) 222 , established in such a manner as to correspond to the output interface protections specific to each incoming stream 10 , potentially plural and simultaneous, and for each multimedia output interface 301 - 303 .
- SR security rules
- the control does not command an application of a protection having a degree of protection lower than the degree of protection of the protection prescribed by the security rules 222 , the command is transmitted by the trusted drivers 201 - 203 to the respective protection means 311 - 313 .
- a data stream is processed by packets, forming “sub-streams”.
- a command is generated by the protection controllers 101 - 103 destined for the respective protection means 311 - 313 , depending on the output interface 301 - 303 respectively used and on the protection specific to the current sub-stream required.
- a session for decryption of the current sub-stream is subsequently triggered by the management means 231 .
- the conformity with respect to the security rules 222 for each of the commands from the protection controllers 101 - 103 is verified by the authorization means 221 .
- a control of the enabling or of the disabling of an application of an interface protection is authorized if this application to the outgoing signal offers a degree of protection at least equal to the degree of protection prescribed by the security rules 222 .
- the trusted drivers 201 - 203 are authorized by the authorization means 221 to finalize the command and to configure the protection means 311 - 313 .
- the authorization means 221 When the command is for enabling an interface protection, the authorization means 221 always authorizes the trusted protection driver 201 - 203 to enable the respective protection 311 - 313 .
- the management means 231 verifies that the protection means 311 - 313 are configured in accordance with the specific protection required by the current sub-stream.
- the management means 231 verifies that the outgoing signal 401 - 403 does not support an interface protection offering a degree of protection lower than the degree of protection prescribed by the security rules 222 .
- the configuration state of a protection means 311 - 313 is for example read in a status register for the targeted protection means.
- the protection means 311 - 313 is not configured in accordance with the required protection, then the decryption is not triggered, or is interrupted, in order not to deliver data not conforming to the security rules.
- a protection action may be formed by any exercise preventing the delivery of a signal not protected according to its required specific protection.
- the authorization means 221 verifies whether the interface protection means 311 - 313 subject to the command offers a degree of protection at least equal to the degree of protection prescribed by the security rules 222 .
- the trusted drivers 201 - 203 are authorized to disable the respective protection means.
- the trusted drivers 201 - 203 are not authorized to send a command to the corresponding protection means 311 - 313 .
- the management means 231 communicate through authorization means 221 that the decryption is finished and the authorization means 221 update the security rules 222 accordingly.
- the output interface protection can be disabled.
- the management means 231 verifies that the protection means 311 - 313 are configured in accordance with the specific protection required by the current sub-stream, after the decryption, which amounts to delaying this verification step and the potential protection action.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Multimedia (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims (30)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1654870 | 2016-05-31 | ||
FR1654870A FR3052009B1 (en) | 2016-05-31 | 2016-05-31 | METHOD AND DEVICE FOR ENHANCING THE PROTECTION OF A MULTIMEDIA SIGNAL AGAINST MALICIOUS ATTACK. |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/550,391 Division US11505938B2 (en) | 2018-03-26 | 2019-08-26 | Flexible space frame components and method of construction |
Publications (2)
Publication Number | Publication Date |
---|---|
US20170346825A1 US20170346825A1 (en) | 2017-11-30 |
US10419434B2 true US10419434B2 (en) | 2019-09-17 |
Family
ID=56855594
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/358,854 Active 2037-04-26 US10419434B2 (en) | 2016-05-31 | 2016-11-22 | Method and device for improving the protection of a multimedia signal against a malicious attack |
Country Status (2)
Country | Link |
---|---|
US (1) | US10419434B2 (en) |
FR (1) | FR3052009B1 (en) |
Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004021700A1 (en) | 2002-08-28 | 2004-03-11 | Koninklijke Philips Electronics N.V. | Method and arrangement for watermark detection |
US20060069926A1 (en) * | 1995-02-13 | 2006-03-30 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US20110099255A1 (en) * | 2009-10-27 | 2011-04-28 | Shyam Sundar Srinivasan | Managing command compliance in internetworking devices |
US20120151580A1 (en) | 2010-12-06 | 2012-06-14 | Samsung Electronics Co., Ltd. | Computing system |
US20120173877A1 (en) | 2011-01-05 | 2012-07-05 | Ramesh Pendakur | Method and apparatus for building a hardware root of trust and providing protected content processing within an open computing platform |
US20120278869A1 (en) * | 2009-10-15 | 2012-11-01 | Interdigital Patent Holdings, Inc. | Registration and credential roll-out for accessing a subscription-based service |
EP2698736A2 (en) | 2012-08-17 | 2014-02-19 | Broadcom Corporation | A multi-security-CPU system |
US20140095918A1 (en) | 2012-09-28 | 2014-04-03 | Per Ståhl | Method and Apparatus for Maintaining Secure Time |
US20140143798A1 (en) * | 2012-10-12 | 2014-05-22 | Sling Media Inc. | Methods and apparatus for managing interfaces in a placeshifting device |
US20140233732A1 (en) | 2013-02-21 | 2014-08-21 | Broadcom Corporation | Mobile paytv drm architecture |
EP2804123A1 (en) | 2013-05-09 | 2014-11-19 | Samsung Electronics Co., Ltd | Method for providing DRM service and electronic device thereof |
US9152798B1 (en) | 2013-02-04 | 2015-10-06 | Google Inc. | Securely enabling content protection across a sandboxed application boundary |
US20160070887A1 (en) | 2014-09-10 | 2016-03-10 | Microsoft Corporation | Media decoding control with hardware-protected digital rights management |
US20160255051A1 (en) * | 2015-02-26 | 2016-09-01 | International Business Machines Corporation | Packet processing in a multi-tenant Software Defined Network (SDN) |
US20170105171A1 (en) * | 2015-10-07 | 2017-04-13 | Mcafee, Inc. | Multilayer access control for connected devices |
US20170201541A1 (en) * | 2016-01-13 | 2017-07-13 | International Business Machines Corporation | Securing Deployments Using Command Analytics |
-
2016
- 2016-05-31 FR FR1654870A patent/FR3052009B1/en not_active Expired - Fee Related
- 2016-11-22 US US15/358,854 patent/US10419434B2/en active Active
Patent Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060069926A1 (en) * | 1995-02-13 | 2006-03-30 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
WO2004021700A1 (en) | 2002-08-28 | 2004-03-11 | Koninklijke Philips Electronics N.V. | Method and arrangement for watermark detection |
US20120278869A1 (en) * | 2009-10-15 | 2012-11-01 | Interdigital Patent Holdings, Inc. | Registration and credential roll-out for accessing a subscription-based service |
US20110099255A1 (en) * | 2009-10-27 | 2011-04-28 | Shyam Sundar Srinivasan | Managing command compliance in internetworking devices |
US20120151580A1 (en) | 2010-12-06 | 2012-06-14 | Samsung Electronics Co., Ltd. | Computing system |
US20120173877A1 (en) | 2011-01-05 | 2012-07-05 | Ramesh Pendakur | Method and apparatus for building a hardware root of trust and providing protected content processing within an open computing platform |
EP2698736A2 (en) | 2012-08-17 | 2014-02-19 | Broadcom Corporation | A multi-security-CPU system |
US20140095918A1 (en) | 2012-09-28 | 2014-04-03 | Per Ståhl | Method and Apparatus for Maintaining Secure Time |
US20140143798A1 (en) * | 2012-10-12 | 2014-05-22 | Sling Media Inc. | Methods and apparatus for managing interfaces in a placeshifting device |
US9152798B1 (en) | 2013-02-04 | 2015-10-06 | Google Inc. | Securely enabling content protection across a sandboxed application boundary |
US20140233732A1 (en) | 2013-02-21 | 2014-08-21 | Broadcom Corporation | Mobile paytv drm architecture |
EP2804123A1 (en) | 2013-05-09 | 2014-11-19 | Samsung Electronics Co., Ltd | Method for providing DRM service and electronic device thereof |
US20160070887A1 (en) | 2014-09-10 | 2016-03-10 | Microsoft Corporation | Media decoding control with hardware-protected digital rights management |
US20160255051A1 (en) * | 2015-02-26 | 2016-09-01 | International Business Machines Corporation | Packet processing in a multi-tenant Software Defined Network (SDN) |
US20170105171A1 (en) * | 2015-10-07 | 2017-04-13 | Mcafee, Inc. | Multilayer access control for connected devices |
US20170201541A1 (en) * | 2016-01-13 | 2017-07-13 | International Business Machines Corporation | Securing Deployments Using Command Analytics |
Non-Patent Citations (1)
Title |
---|
INPI Search Report and Written Opinion for FR 1654870 dated Dec. 15, 2016 (10 pages). |
Also Published As
Publication number | Publication date |
---|---|
US20170346825A1 (en) | 2017-11-30 |
FR3052009A1 (en) | 2017-12-01 |
FR3052009B1 (en) | 2018-06-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10754930B2 (en) | Remotely managed trusted execution environment for digital rights management in a distributed network with thin clients | |
US8984302B2 (en) | Information processing apparatus | |
US20210136431A1 (en) | Secure Bridging of Third-Party Digital Rights Management to Local Security | |
CN106464485B (en) | System and method for protecting content keys delivered in manifest files | |
US8800059B2 (en) | System and method for processing and protecting content | |
KR101172093B1 (en) | Digital audio/video data processing unit and method for controlling access to said data | |
US9479825B2 (en) | Terminal based on conditional access technology | |
US20140123320A1 (en) | Processor, processor control method, and information processing device | |
US8954722B2 (en) | Enforcing software updates in an electronic device | |
US8565427B2 (en) | Enforcing software independent content protection in an electronic device | |
EP2958039B1 (en) | Device for decrypting and providing content of a provider and method for operating the device | |
TWI492602B (en) | Mac code verification without disclosure | |
US20110113443A1 (en) | IP TV With DRM | |
US10395013B2 (en) | Method and device for enhancing the protection of a signal, in particular a multimedia signal, against a malicious attack | |
EP3605371B1 (en) | Remotely managed trusted execution environment for digital-rights management in a distributed network with thin clients | |
US10387628B2 (en) | Accessing content at a device | |
US10419434B2 (en) | Method and device for improving the protection of a multimedia signal against a malicious attack | |
WO2015008252A1 (en) | A system for receiving and decrypting multimedia content | |
US9740834B2 (en) | Usage rights information for protected content having two parts |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: STMICROELECTRONICS SA, FRANCE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LEHEUP, JOCELYN;REEL/FRAME:040402/0874 Effective date: 20161114 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: AWAITING TC RESP., ISSUE FEE NOT PAID |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |
|
AS | Assignment |
Owner name: STMICROELECTRONICS FRANCE, FRANCE Free format text: CHANGE OF NAME;ASSIGNOR:STMICROELECTRONICS SA;REEL/FRAME:066663/0136 Effective date: 20230126 |